7.0 - 9.0 years
7 - 17 Lacs
Bengaluru
Hybrid
Key Responsibilities:
• Design and review secure systems and application architectures.
• Lead threat modeling, risk assessment, and attack surface analysis.
• Advise project teams on security best practices throughout the SDLC.
• Use SD Elements to capture risks, track remediation, and ensure traceability.
• Contribute to architecture boards and governance processes.
• Validate secure design for cloud, hybrid, and on-premises environments.
Required Skills & Experience:
• 7-9 years in Information Security or related architecture roles.
• Experience in VAPT (execution & remediation).
• Strong knowledge of application security and secure SDLC.
• Hands-on with SD Elements (mandatory).
• Expertise in TOGAF, SABSA, or NIST architecture frameworks.
• Cloud Security (preferably Azure), DevSecOps knowledge.
Certifications (Mandatory/Preferred):
• Mandatory: CISSP
• Preferred: AZ-500, CCSP
Tools/Frameworks Knowledge:
• SD Elements, ThreatModeler, Microsoft Defender
• TOGAF, SABSA, NIST CSF, OWASP Top 10, MITRE ATT&CK
Email ID: akila.s@acesoftlabs.com
Posted 1 week ago
3.0 - 8.0 years
5 - 15 Lacs
Noida
Remote
Position: SOC Analyst
100% Remote
Working Hours: US/UK hours
Job description: We are seeking a highly motivated and skilled SOC Analyst to join our Security Operations Center.
Key Responsibilities
- Monitor security events and alerts using tools such as Splunk, IBM QRadar, Microsoft Sentinel, and Palo Alto XSIAM.
- Perform initial triage and categorization of security events to determine severity and potential impact.
- Escalate confirmed incidents to appropriate teams or stakeholders with accurate and detailed information.
- Correlate logs and alerts across various platforms to detect anomalous behavior or indicators of compromise (IoCs).
- Utilize the MITRE ATT&CK framework to enrich detection and response processes.
- Collaborate with Incident Response and Threat Intelligence teams for deeper investigations.
- Generate reports and dashboards for incident trends, KPIs, and SOC performance.
- Maintain documentation of SOC procedures, playbooks, and workflows.
- Participate in regular threat-hunting and detection engineering activities.
- Continuously evaluate and tune detection rules and alerts for improved accuracy.
Required Qualifications
Education: Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent experience)
Certifications: CompTIA Security+, CySA+, Certified SOC Analyst (CSA) or equivalent
Required Skills and Experience
- 3+ years of experience in a SOC environment or cybersecurity operations
- Proficient with SIEM platforms: Splunk, IBM QRadar, Microsoft Sentinel
- Experience with EDR/XDR platforms like Palo Alto XSIAM and CrowdStrike Falcon
- Familiarity with MITRE ATT&CK and threat detection mapping
Preferred Qualifications
- Understanding of cloud security monitoring (Azure, AWS, GCP)
- Exposure to SOAR tools and incident response automation
- Knowledge of NIST, ISO 27001, and other security compliance frameworks
Interested candidates can apply: dsingh15@fcsltd.com
Posted 1 week ago
2.0 - 5.0 years
6 - 9 Lacs
Kochi
Work from Office
Investigate, hunt, and lead escalated incident response using advanced threat detection from SIEM, EDR, and NDR platforms. Develop and manage custom detection use cases aligned to threat frameworks and customer environments.
Key Responsibilities:
Monitoring, Investigation & Triage
- Triage and correlate alerts from SIEM (QRadar/Sentinel), EDR, and NDR
- Identify lateral movement, C2 activity, and data exfiltration
- Lead incident investigations and initiate containment measures
Threat Hunting & Detection Engineering
- Proactive hunting using logs, flow data, and behavior analytics
- Apply MITRE ATT&CK for hypothesis-driven hunts
- Develop, test, and optimize custom detection rules
- Maintain a backlog aligned with emerging threats
Tool Proficiency
- SIEM: Advanced KQL/AQL queries, rule tuning, alert optimization
- EDR: Defender for Endpoint binary/process analysis, endpoint containment
- NDR: Darktrace/LinkShadow behavioral baselining, detection logic
- SOAR: Sentinel Playbooks / Cortex XSOAR for automated workflows
- Cloud Security: Azure AD alerts, MCAS, Defender for Cloud, M365 Defender
Threat Intelligence Integration
- IOC/TTP enrichment
- Threat intel feed integration
- Contextual alert correlation
Reporting & RCA
- Draft technical incident reports and RCAs
- Executive-level summaries for major incidents
Cloud Security (Optional):
- Investigate alerts like impossible travel and app consent abuse
- Respond to cloud-native security incidents using Defender for Cloud, MCAS
- Create advanced SOAR workflows and playbooks
Tool Familiarity
- QRadar
- Microsoft Sentinel
- Microsoft Defender for Endpoint
- LinkShadow or Darktrace
- EOP/Exchange protection
- Antivirus platforms
- Defender for Identity / Defender for Cloud
- Advanced SOAR workflows (Sentinel playbooks / Cortex XSOAR)
- Network forensic tools like Wireshark / Zeek
Certifications (Preferred):
- GCIH / GCIA / CEH
- Microsoft SC-200 / SC-100
- QRadar Admin or equivalent
Shift Readiness: 24x7 rotational shifts, including on-call support for escalations and major incidents
Soft Skills: Strong analytical and documentation skills; proactive communicator; independent problem-solver and critical thinker
Posted 1 week ago
10.0 - 15.0 years
16 - 31 Lacs
Mumbai, Navi Mumbai, Mumbai (All Areas)
Work from Office
Threat hunting experience is a must. Familiarity with threat intelligence sources and frameworks (MITRE ATT&CK, Diamond Model, Cyber Kill Chain). Ability to proactively find cybersecurity threats and mitigate them. Knowledge of Advanced Persistent Threats and threat actors and their TTPs. Ability to recognize attack patterns and correlate them with specific threat actors. Ability to obtain as much information as possible on threat behaviour, goals and methods. Knowledge of analytics platforms for carrying out detailed analysis of obtained telemetry.
Posted 2 weeks ago
6 - 11 years
14 - 24 Lacs
Gurugram, Bengaluru
Hybrid
Greetings from IT. I am now hiring a Threat Detection Engineer for my clients.
Location: Bangalore, Gurugram
Experience: 6-13 years
NP: Immediate to 30 days
Primary skills: Threat hunting, threat intelligence, Splunk
In-depth knowledge of external attacks and detection techniques, to be able to analyse the requirements provided by threat intelligence / SOC teams, generate a list of rules that could be implemented (based on own analysis of a threat and the available log sources), work with the SOC team to operationalize them, and with the Purple Team to test them. Familiarity with the MITRE ATT&CK framework and Tactics, Techniques, and Procedures (TTPs). Experience with security tools such as Splunk, MDE, Databricks, to be able to write custom detections for various threats (preferably MDE).
Kindly share your resume at chanchal@oitindia.com
Posted 1 month ago
5 - 10 years
4 - 9 Lacs
Pune
Work from Office
Role & responsibilities
- Lead security incident response in a cross-functional environment and drive incident resolution.
- Lead and develop Incident Response initiatives that improve customer capabilities to effectively respond to and remediate security incidents.
- Perform digital forensic investigations and analysis of a wide variety of assets, including endpoints.
- Perform log analysis from a variety of sources to identify potential threats.
- Build automation for response and remediation of malicious activity.
- Write complex search queries in EDR as well as SIEM tools for hunting adversaries.
- Work on SOAR cases, automation, workflows & playbooks.
- Integrate and work on identity solutions.
- Develop SIEM use cases for new detections, specifically identity use cases.
- Working experience with Microsoft on-prem and Entra ID solutions.
- Good knowledge of Active Directory and Tier 0 concepts.
- Very good knowledge of operating systems, processes, registries, file systems, and memory structures, and experience in host and memory forensics (including live response) on Windows, macOS and Linux.
- Experience investigating and responding to both external and insider threats.
- Experience with attacker tactics, techniques, and procedures (MITRE ATT&CK).
- Experience analyzing network and host-based security events.
Preferred candidate profile: Domain SOC, Lead - Incident Response
Interested candidates can share their resume at recruiter.wtr26@walkingtree.in
Posted 1 month ago
5 - 10 years
20 - 30 Lacs
Hyderabad, Chennai, Bengaluru
Hybrid
Job Description
Do you want to lead teams that find and exploit security vulnerabilities in Fortune 100 companies, critical infrastructure, and public sector agencies impacting millions of users? Join Securin's Offensive Security Team, where you'll emulate real-world attacks and oversee advanced offensive operations. We are a cross-disciplinary group of red teamers, adversarial AI researchers, and software developers dedicated to finding and fixing vulnerabilities across critical digital ecosystems.
Role & responsibilities
- Lead and perform advanced offensive security assessments, including Red Team operations, threat-based evaluations, and vulnerability exploitation.
- Supervise and mentor a team of offensive engineers, manage task prioritization, and ensure high-quality delivery.
- Execute Red Team operations on production systems, including AI platforms, using real-world adversarial tactics.
- Provide strategic and technical security guidance to internal and external stakeholders.
- Collaborate cross-functionally to integrate findings into enterprise detection and defense strategies.
- Research and develop adversary TTPs across the full attack lifecycle.
- Build tools to automate and scale offensive emulation and vulnerability discovery, utilizing AI/ML systems.
- Continuously evaluate and enhance assessment methodologies and frameworks used by the team.
- Contribute to the security community through publications, presentations, bug bounties, and open-source projects.
Required Qualifications
- 5+ years of experience in offensive security, red teaming, or penetration testing, with at least 1 year in a leadership role.
- Bachelor's or Master's degree in Computer Science, Computer Engineering, or relevant field; or equivalent experience.
- Expert knowledge of offensive security tactics, threat modeling, APT emulation, and Red Team operations.
- Strong understanding of the MITRE ATT&CK framework and exploitation of common vulnerabilities.
- Proficiency in one or more programming/scripting languages (Python, Go, PowerShell, C/C++, etc.).
- Hands-on experience with penetration testing tools such as Metasploit, Burp Suite Pro, NMAP, Nessus, etc.
- Familiarity with security in cloud environments (AWS, Azure, GCP) and across Windows/Linux/macOS platforms.
- Ability to clearly articulate findings to technical and executive audiences and lead mitigation efforts.
- Authorization to work in the country of employment at time of hire and ongoing during employment.
Preferred Qualifications
- Certifications like OSCP, OSCE, OSEP, CRTO, or equivalent.
- Experience with Purple Team operations and threat intelligence integration.
- Track record in CTF competitions or bug bounty programs.
- Reverse engineering experience or malware analysis expertise.
- Exposure to Responsible AI and adversarial machine learning.
- Participation in AI Village at DEFCON or similar security research events.
- Publications or contributions to conferences such as AISec, NeurIPS, FAccT, or IC4.
Other Requirements
Ability to meet Securin, customer, and/or government security screening requirements. This includes a background check at the time of hire/transfer and every two years thereafter.
Who Should Apply
You have experience executing technical research and offensive security strategies with teams. You are skilled in experimental security science and confident in building your own tools. You clearly communicate findings, are mission-driven, and want to drive change in AI and cybersecurity.
Role-Specific Policy
This hybrid role requires in-office presence at least 50% of the time.
Locations: Chennai, Tamil Nadu (India)
Posted 1 month ago
7 - 10 years
9 - 12 Lacs
Pune, Mumbai, Bengaluru
Work from Office
Skills: Microsoft Sentinel (not Azure Sentinel), KQL, Incident Response, MS Defender, Content Management, MITRE ATT&CK, MITRE D3FEND, Kusto Query Language, Threat Intelligence, Threat Hunting, Custom Workbooks, Microsoft cloud platform Azure
Required Candidate profile: Bengaluru, Pune, Mumbai, Hyderabad, Chennai, Gurugram, Noida
Posted 2 months ago
12 - 14 years
30 - 45 Lacs
Bengaluru
Work from Office
Summary
The role requires providing expertise and leadership for Incident Response capabilities, including a good understanding of cyber incident forensics. It requires providing both subject matter expertise and project management experience to serve as the "point person" of client engagements in the domain. The candidate shall possess efficient incident response and remediation skills to minimise the impact of cyber risks. The individual will oversee and support the security monitoring operations team, assist them during security incidents, and ensure incidents are managed and responded to effectively, including reporting to stakeholders. This role primarily consists of leading a team of incident responders, incident managers and stakeholders (including clients, vendors, etc.) and conducting thorough response activities on behalf of a wide variety of clients across sectors. The candidate is required to work in complex security environments and alongside the SOC team to design, communicate and execute incident response, containment and remediation plans. The candidate is required to have hands-on experience with incident management and investigation tools and shall be comfortable leading teams on challenging engagements, communicating with clients, providing hands-on assistance with incident response activities, and creating and presenting high-quality deliverables.
Designation / Role
Role: Incident Response Leader
Level: AD
Responsibilities
- Manage client engagements, with a focus on incident response and investigation.
- Provide both subject matter expertise and project management experience to serve as the "point person" for client engagements.
- Assist with client incident scoping calls and participate in the incident from kick-off through full containment and remediation.
- Security Analytics: efficiently distill actionable information from large data sets for reporting, hunting, and anomaly detection.
- Recommend and document specific countermeasures and mitigating controls based on post-incident analysis findings.
- Develop comprehensive and accurate reports and presentations for both technical and executive audiences.
- Conduct Digital Forensic and Incident Response (DFIR) analysis, network log and network PCAP analysis, malware triage, and other investigation-related activities in support of Incident Response investigations.
- Supervise Digital Forensics and Incident Response staff, and assist with performance reviews and mentorship of cybersecurity professionals.
- Mature the Security Incident Response process to ensure it meets the needs of the clients.
- Interact with clients' CSIRT teams to cater to continuous and/or ad-hoc client requests for Incident Response services.
- Possess the experience, credibility and integrity to perform as an expert witness.
- Be involved in business development activities and support pre-sales teams to identify, market, and develop new business opportunities.
- Assist with research and distribute cyber threat intelligence developed from Incident Response activities.
- Research, develop and recommend infrastructure (hardware & software) needs for DFIR and evolve existing methodologies to enhance and improve our DFIR practice.
Skills required
- 10-14 years of Information Security experience with at least 5 years of Incident Response experience.
- Solid understanding of MITRE ATT&CK, the NIST cyber incident response framework and the Cyber Kill Chain.
- Understanding of Threat Hunting and Threat Intelligence concepts and technologies.
- Experience leveraging technical security solutions such as SIEM, IDS/IPS, EDR, vulnerability management or assessment, malware analysis, or forensics tools for incident triage and analysis.
- Deep experience with the most common OSes (Windows, macOS, Linux, Android, iOS) and their file systems (ext3/4, NTFS, HFS+, APFS, exFAT, etc.).
- Proficiency with industry-standard forensic toolsets (e.g. EnCase, Axiom/IEF, Cellebrite/UFED, Nuix and FTK).
- Experience with enterprise-level cloud infrastructure such as AWS, MS Azure, G Suite, O365, etc.
- Experience in malware analysis and understanding of attack techniques.
- CISSP, ECIH v2, GCFA, GCIH, EnCE or equivalent DFIR certification.
- Ability to work in time-sensitive and complex situations with ease and professionalism; an efficient and versatile communication style.
- Good verbal and written communication skills, excellent interpersonal skills.
Abilities: Strong English verbal and written communication, report writing and presentation skills. Ability to multitask and prioritize work effectively. Responsive to challenging tasking. Highly motivated self-starter with attention to detail. Strong analytical skills and efficient problem solving. Capable of operating in a challenging and fast-paced environment.
Posted 2 months ago
5 - 10 years
2 - 2 Lacs
Hyderabad
Work from Office
Job Summary
We are seeking a highly skilled Incident Responder with expertise in MITRE ATT&CK (7+ years), the NIST Cybersecurity Framework (CSF), and Detection Engineering to strengthen our cybersecurity defense and response capabilities. This role requires hands-on experience with SIEM, SOAR, EDR, and email security tools to detect, investigate, and respond to security incidents. The ideal candidate will have deep technical knowledge of security operations, threat detection, and incident handling, as well as a strong ability to collaborate with internal teams to enhance the organization's security posture.
Key Responsibilities
Incident Detection & Response
- Monitor, investigate, and respond to security incidents in real time using SIEM, EDR, and SOAR tools.
- Conduct deep-dive forensic investigations on endpoint, network, cloud, and email security incidents.
- Apply the MITRE ATT&CK framework to map threats and develop effective detection and response strategies.
- Utilize Proofpoint and other email security solutions to analyze phishing, malware, and BEC (Business Email Compromise) attacks.
- Work with threat intelligence sources to correlate threat actor activity and improve response capabilities.
- Perform root cause analysis (RCA) on security incidents and document findings for continuous improvement.
Detection Engineering & Security Tool Optimization
- Develop, tune, and optimize SIEM detection rules, correlation alerts, and use cases to improve threat visibility.
- Automate security operations workflows using SOAR to enhance response efficiency.
- Fine-tune EDR policies and response playbooks for improved threat containment and eradication.
- Collaborate with red and blue teams to enhance threat-hunting capabilities and improve detection coverage.
Threat Intelligence & Security Framework Alignment
- Leverage threat intelligence and behavioral analytics to proactively detect and mitigate emerging threats.
- Align incident response processes with NIST CSF, MITRE ATT&CK, CIS, and other industry best practices.
- Work closely with security leadership to improve overall SOC maturity and response strategies.
Collaboration & Continuous Improvement
- Partner with IT, security engineers, and business units to strengthen security defenses.
- Conduct tabletop exercises, purple team engagements, and post-incident reviews to improve detection and response processes.
- Provide training and knowledge-sharing sessions to enhance incident response capabilities within the organization.
- Maintain up-to-date knowledge of cyber threats, vulnerabilities, and attacker TTPs (Tactics, Techniques, and Procedures).
Qualifications & Skills
Required:
- 3+ years of experience in incident response, cybersecurity operations, or SOC roles.
- Strong expertise in MITRE ATT&CK, NIST CSF, and detection engineering methodologies.
- Hands-on experience with SIEM tools, 7+ years (Sumo Logic, Splunk, Sentinel, QRadar, or similar), for log analysis and threat detection.
- Expertise in EDR solutions, 7+ years (SentinelOne, CrowdStrike, Carbon Black, or equivalent), for endpoint threat detection and response.
- Experience with SOAR platforms, 4+ years (Phantom, XSOAR, Microsoft Sentinel, etc.), for security automation and orchestration.
- Knowledge of email security solutions (Proofpoint, Mimecast, etc.) for phishing and email threat mitigation.
- Strong analytical and problem-solving skills, with the ability to investigate security events thoroughly.
- Excellent communication skills, with experience in writing incident reports and presenting findings to stakeholders.
Preferred:
- Security certifications such as GCIH, GCFA, CISSP, CEH, or Splunk Certified Security Analyst.
- Experience working with cloud security incident response (AWS, Azure, GCP).
- Knowledge of scripting for security automation (Python, PowerShell, Bash).
- Familiarity with threat-hunting techniques and purple teaming methodologies.
Posted 3 months ago